Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Potentially Catastrophic Windows Defender Patch Sparks Fears Over Disk Space Consumption


Microsoft's latest patch for Windows Defender may fix a zero-day vulnerability but has inadvertently introduced new issues that could allow attackers to fill up hard disk space and cause system instability. The situation highlights ongoing tensions between Microsoft and a researcher who had previously accused the company of not disclosing vulnerabilities responsibly.

  • The Microsoft patch released to fix a zero-day vulnerability in Defender security engine has inadvertently introduced a new issue.
  • The new issue allows attackers to exhaust all available disk space by writing massive amounts of data to it.
  • The behavior is attributed to the spynet functions in the mpengine.dll driver, which leak 8 bytes of data when trying to open a file.
  • The vulnerability requires a specific setup, including a custom SMB server and a malicious file.
  • Microsoft has not confirmed the described behavior, sparking concerns from researchers who have been critical of Microsoft's response to zero-day vulnerabilities.



  • Ars Technica recently reported on a patch released by Microsoft to address a zero-day vulnerability in its Defender security engine, which could allow attackers to fill hard disk space and potentially cause catastrophic consequences for Windows machines. The patched vulnerability, identified as CVE-2026-50656 and tracked as RoguePlanet, was discovered by a researcher who went by the pseudonym NightmareEclipse.

    The patch, which was released on Wednesday, aims to fix the security flaw but has inadvertently introduced a new issue that could lead to the consumption of available disk space. According to NightmareEclipse, the newly introduced mitigations in the Microsoft Malware Protection Engine's mpengine.dll driver can cause it to leak 8 bytes of data when trying to open a file, which in turn allows attackers to exhaust all available space on a hard drive by writing massive amounts of data to it.

    The behavior is attributed to the spynet functions in the mpengine.dll, which want to keep a local copy of the Zone.Identifier ADS file. Windows Defender normally places hard limits on how big a file can be written to disk when scanning and quarantining a machine, but this exception allows attackers to potentially fill up the entire disk space.

    NightmareEclipse explained that the vulnerability requires a specific setup, including a custom SMB server that handles requests from Windows Defender and serves a malicious file followed by a massive ADS file. The attacker can then trigger the behavior by replying to the read request in such a way that the SMB server keeps the connection alive, causing Defender to hang and lock onto the offending files, holding the entire disk space.

    Microsoft has yet to confirm the described behavior, sparking concerns from NightmareEclipse and other researchers who have been critical of Microsoft's response to zero-day vulnerabilities. The situation highlights ongoing tensions between Microsoft and NightmareEclipse, with the researcher accusing Microsoft of not disclosing a previously patched vulnerability quietly.

    In this context, it is essential for users and system administrators to be aware of the potential risks associated with the latest patch from Microsoft. While the patch aims to address security concerns, it has inadvertently introduced new vulnerabilities that could have far-reaching consequences if exploited by malicious actors.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Potentially-Catastrophic-Windows-Defender-Patch-Sparks-Fears-Over-Disk-Space-Consumption-ehn.shtml

  • https://arstechnica.com/security/2026/07/patch-for-windows-defender-0-day-could-allow-attackers-to-fill-hard-disk/

  • https://wingeek.com/3885987/patch-for-windows-defender-0day-could-allow-attackers-to-fill-hard-disk/

  • https://www.malwarebytes.com/blog/news/2026/07/microsoft-fixes-rogueplanet-zero-day-in-defender

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-rogueplanet-defender-zero-day-vulnerability/


  • Published: Thu Jul 9 17:40:14 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us